Drupal · Drupal Colorbox · CVE-2025-3900
**Name of the Vulnerable Software and Affected Versions**
Drupal Colorbox versions 0.0.0 through 2.1.2
**Description**
The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows an attacker to perform Cross-Site Scripting (XSS) attacks.
**Recommendations**
For versions 0.0.0 through 2.1.2, update to version 2.1.3 or later to resolve the issue.